← 返回 Skills 市场
icemanzb

Oracle 收盘报告

作者 icemanZB · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
78
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install oracle-report
功能描述
生成包含大盘指数、情绪资金和全球市场数据的A股市场日报,支持节假日处理和飞书卡片格式发送。
安全使用建议
Do not install or run this skill without addressing the hardcoded credentials and default recipient. Specifically: - The script contains hardcoded API keys (QVERIS_API_KEY, MX_APIKEY, TUSHARE_TOKEN, FINNHUB_API_KEY). Treat these as compromised: ask the author to remove them or reject the skill. Do not assume they are placeholders. - The script also hardcodes a default FEISHU_TARGET (a specific user id). That means reports (and any data collected) could be sent to an external account without your explicit configuration. - Before using: inspect the full script, remove or replace hardcoded keys with environment-variable reads (and ensure the skill actually honors them), and set FEISHU_TARGET to a value you control. Rotate any API keys that may have been shared in this repo. - Run the script in an isolated/test environment first (no sensitive credentials) and monitor outbound traffic. If you cannot verify the origin/owner or get corrected code, avoid installing or copying this skill to other robots.
功能分析
Type: OpenClaw Skill Name: oracle-report Version: 1.0.0 The skill bundle is a functional market report generator but contains several high-risk security practices. Most notably, the script 'oracle_report_generator.py' contains multiple hardcoded API keys and tokens for financial services (QVeris, Tushare, Finnhub, and mx_data) as well as a hardcoded Feishu recipient ID. It also frequently uses 'subprocess.run(shell=True)' to execute shell commands and external scripts, which is a significant security risk for shell injection. While the code appears to perform its stated task, the inclusion of hardcoded credentials and the use of unsafe execution methods are characteristic of poorly secured or potentially tracking-enabled software.
能力评估
Purpose & Capability
The skill's name/description (A股日報 + Feishu card sending) matches the code and declared dependencies (mx_data, qveris). Requiring those skills is coherent. However, the code embeds API keys and other service credentials directly in the script instead of using the declared environment variables, which is inconsistent with the stated design.
Instruction Scope
SKILL.md instructs running the included Python script and optionally configuring FEISHU_TARGET via an env file. The script performs network calls to many external data providers (QVeris, mx_data, Tushare, Finnhub, FRED, AKShare, Sina, etc.) and will send output to a Feishu target. The script defaults to a hardcoded FEISHU_TARGET value and hardcoded API keys, meaning it can transmit collected market data (and any data accessible to the script) to a preconfigured external recipient even if the operator didn't set env vars — this is scope creep from a user's expected 'run and get a report' flow.
Install Mechanism
No install spec is provided (instruction-only plus a script); nothing is downloaded at install time. That keeps install risk low. The script expects other local skills to be present and uses local paths under ~/.openclaw, which is expected for this environment.
Credentials
_meta.json and SKILL.md declare QVERIS_API_KEY and MX_APIKEY (and optional TUSHARE_TOKEN, FEISHU_TARGET) as env-based configuration, but the Python script contains hardcoded values for QVERIS_API_KEY, MX_APIKEY, TUSHARE_TOKEN, FINNHUB_API_KEY and a default FEISHU_TARGET user id. This mismatch is disproportionate and dangerous: it embeds secrets in code, ignores operator-provided credentials, and could leak data or allow unexpected API usage billed to those keys. The presence of multiple keys in code without explanation increases risk.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide privileges. It reads/writes under the user's ~/.openclaw workspace and caches a trade calendar there. Copying the skill to other robots is documented but is a user action; no automatic escalation or modification of other skills' configs is present in the inspected files.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install oracle-report
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /oracle-report 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
首次发布:A股收盘日报生成器
元数据
Slug oracle-report
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Oracle 收盘报告 是什么?

生成包含大盘指数、情绪资金和全球市场数据的A股市场日报,支持节假日处理和飞书卡片格式发送。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 78 次。

如何安装 Oracle 收盘报告?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install oracle-report」即可一键安装,无需额外配置。

Oracle 收盘报告 是免费的吗?

是的,Oracle 收盘报告 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Oracle 收盘报告 支持哪些平台?

Oracle 收盘报告 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Oracle 收盘报告?

由 icemanZB(@icemanzb)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论